For those intent on having top-notch security measures in place, the question shouldn’t really be ‘automatic or manual pen testing?’ but rather ‘how much of each?’ A web application scanner, used to identify security vulnerabilities in your web applications, does not replace an experienced…
Troubleshooting tips for Apache, Part 2 – Apache HTTP Server logs
Apache HTTP Server logs: First and foremost, the Apache HTTP Server error log should be analysed, as this provides detailed information about any errors that have occurred on your web server. By default, errors are logged in the error_log file located in the logs directory…
Troubleshooting tips for Apache, Part 1 – Verifying Apache HTTP Server Configuration and Version
Verify your Apache HTTP Server configuration: Apache HTTP Server issues may also be a result of a misconfigured Apache httpd.conf configuration file. Going over the whole configuration file searching for typos may be a cumbersome task, but thankfully Apache provides a way to scan your…
Acunetix to be represented at Middle East CIO Summit 2015
On 25th February, IDC are holding their annual two-day CIO summit in Dubai. This year, Acunetix co-partner Comguard will be in attendance, along with Acunetix General Manager Christopher Martin, to discuss with attendees how the Acunetix web application vulnerability scanner can help in the defence…
The Internet of Things; Technological Paranoia Brought to Life
An emerging development which is a growing risk to security is the ‘internet of things’ (IoT). This refers to appliances which are connected to the internet and can, therefore, be hacked just as a computer can be. While their functionality might be limited, there have…
Anthem Inc hack; why healthcare insurers need to raise their bar on cyber security
It’s been known for some time that healthcare information is a target for hackers, and that the motivation for these thefts has diversified. Such data is now used not only for identity theft but is believed to be targeted by countries such as China for…
WordPress Security Tips Part 10 – Secure Your Debug Logs
During development of plugins or themes, as well as during deployment of a WordPress site, developers or system administrators may enable debug logs to log any PHP errors that occur. WordPress makes use of the WP_DEBUG constant which is defined in wp-config.php. The constant is…
Don’t Let a GHOST Vulnerability Haunt Your Systems
This week a new Linux vulnerability called GHOST (CVE-2015-0235) has been published and subsequently patched, including an update to Acunetix, which can now detect the vulnerability in both its online and on-premises forms. While some cited GHOST as being as dangerous as Shellshock or Heartbleed,…
WordPress Security Tips Part 9 – Prevent PHP files from executing
Since WordPress sites need to allow their users to upload new content, WordPress’ upload directory needs to be writable. For that reason, your wp-content/uploads directory should be considered a potential entry point. The biggest potential threat is the uploading of PHP files. WordPress won’t…